Tuesday, June 3, 2014

Learning NUIX

I've been playing with NUIX in the time slot which opened up since I'm not involved in training at the OLAF 2014 spring event. My understanding of the NUIX product and my NUIX skills are far from good, but the feeling is definitely good. In a nutshell, I'm redoing things which were done in EnCase or some other tool.

There is a nice article, "A broad evidental view", about the integration of NUIX and UFED, e.g. the ability of NUIX to process the results of UFED phone extractions. It works as suggested and quite fast, but my results are a bit unexpected because of my lack of skill. Since I have XRY and UFED available, I'll try the same method for both tools.

For such a powerful tool the manuals are a bit small, it is easy to do things the wrong way, and the terminology is different from EnCase jargon. One needs to learn and re-calibrate to the new tool.

What really makes me happy is how easy it is to incorporate the UFED results into a case with other tools' results: it is as simple as adding the directory where the UFED report files are stored into the NUIX case. The same goes for an XRY image. It looks to me, in my lack of experience, that NUIX is a perfect integration tool.

The only drawback is documentation, but this is a common weakness in today's digital forensic tools. I can't do much about that but try, test and learn what is correct.

There are plenty of possibilities to try and evaluate, since it can be scripted and used from the command line: how to create batching and automated processing, and also the ability to use the collaborative web interface. Actually, in the current context NUIX as a second-level, more integration-oriented tool makes much more sense. In that scenario the collaborative web interface is a big advantage.


